SYM_GO_0028 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The server is started using HTTP without TLS encryption, which means all data sent between clients and the server is transmitted in plain text. This exposes sensitive information to anyone who can intercept the network traffic.
Impact
Without TLS, attackers can eavesdrop on or tamper with data exchanged between users and the server, potentially stealing credentials, session tokens, or personal data. This can lead to data breaches, user impersonation, and loss of trust in your application.